{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1387", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "state": "PUBLISHED", "assignerShortName": "GRAFANA", "dateReserved": "2023-03-14T11:11:01.304Z", "datePublished": "2023-04-26T13:47:16.914Z", "dateUpdated": "2025-02-13T16:39:22.007Z"}, "containers": {"cna": {"affected": [{"product": "Grafana", "vendor": "Grafana", "versions": [{"lessThan": "9.2.17", "status": "affected", "version": "9.1.0", "versionType": "semver"}, {"lessThan": "9.3.13", "status": "affected", "version": "9.3.0", "versionType": "semver"}, {"lessThan": "9.5.0", "status": "affected", "version": "9.4.0", "versionType": "semver"}]}, {"product": "Grafana Enterprise", "vendor": "Grafana", "versions": [{"lessThan": "9.2.17", "status": "affected", "version": "9.1.0", "versionType": "semver"}, {"lessThan": "9.3.13", "status": "affected", "version": "9.3.0", "versionType": "semver"}, {"lessThan": "9.5.0", "status": "affected", "version": "9.4.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Grafana is an open-source platform for monitoring and observability. </p><p>Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. </p><p>By enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.</p>"}], "value": "Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana."}], "impacts": [{"capecId": "CAPEC-116", "descriptions": [{"lang": "en", "value": "CAPEC-116"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2023-06-09T07:06:35.623Z"}, "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-1387/"}, {"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j"}, {"url": "https://security.netapp.com/advisory/ntap-20230609-0003/"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:49:11.313Z"}, "title": "CVE Program Container", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-1387/", "tags": ["x_transferred"]}, {"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230609-0003/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-31T16:11:53.656123Z", "id": "CVE-2023-1387", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-31T16:12:05.145Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-1387/", "tags": ["x_transferred"]}, {"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230609-0003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:49:11.313Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1387", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-31T16:11:53.656123Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-31T16:11:39.486Z"}}], "cna": {"impacts": [{"capecId": "CAPEC-116", "descriptions": [{"lang": "en", "value": "CAPEC-116"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Grafana", "product": "Grafana", "versions": [{"status": "affected", "version": "9.1.0", "lessThan": "9.2.17", "versionType": "semver"}, {"status": "affected", "version": "9.3.0", "lessThan": "9.3.13", "versionType": "semver"}, {"status": "affected", "version": "9.4.0", "lessThan": "9.5.0", "versionType": "semver"}]}, {"vendor": "Grafana", "product": "Grafana Enterprise", "versions": [{"status": "affected", "version": "9.1.0", "lessThan": "9.2.17", "versionType": "semver"}, {"status": "affected", "version": "9.3.0", "lessThan": "9.3.13", "versionType": "semver"}, {"status": "affected", "version": "9.4.0", "lessThan": "9.5.0", "versionType": "semver"}]}], "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-1387/"}, {"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j"}, {"url": "https://security.netapp.com/advisory/ntap-20230609-0003/"}], "descriptions": [{"lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.", "supportingMedia": [{"type": "text/html", "value": "<p>Grafana is an open-source platform for monitoring and observability. </p><p>Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. </p><p>By enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200"}]}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2023-06-09T07:06:35.623Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1387", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:39:22.007Z", "dateReserved": "2023-03-14T11:11:01.304Z", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "datePublished": "2023-04-26T13:47:16.914Z", "assignerShortName": "GRAFANA"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", "matchCriteriaId": "5664FC02-E4AA-41EC-8EAA-300AD2272CC2", "versionEndExcluding": "9.2.17", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A544263-545D-4D86-B29F-F7FC12E9A34F", "versionEndExcluding": "9.3.13", "versionStartIncluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", "matchCriteriaId": "99EBCA47-A3CD-4C20-B151-300D43426EB2", "versionEndExcluding": "9.4.9", "versionStartIncluding": "9.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana."}], "id": "CVE-2023-1387", "lastModified": "2025-02-13T17:15:58.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "security@grafana.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-26T14:15:09.430", "references": [{"source": "security@grafana.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j"}, {"source": "security@grafana.com", "tags": ["Vendor Advisory"], "url": "https://grafana.com/security/security-advisories/cve-2023-1387/"}, {"source": "security@grafana.com", "url": "https://security.netapp.com/advisory/ntap-20230609-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://grafana.com/security/security-advisories/cve-2023-1387/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230609-0003/"}], "sourceIdentifier": "security@grafana.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@grafana.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Grafana Security Team as the original reporter.", "affected_release": [{"advisory": "RHSA-2024:0746", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "rhceph/rhceph-5-dashboard-rhel8:5-83", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2024-02-08T00:00:00Z"}, {"advisory": "RHSA-2023:7741", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "rhceph/rhceph-6-dashboard-rhel9:6-82", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2023-12-12T00:00:00Z"}], "bugzilla": {"description": "grafana: JWT token leak to data source", "id": "2186322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186322"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["Grafana is an open-source platform for monitoring and observability. \nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \nBy enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.", "A flaw was found in Grafana. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue when enabling the \"url_login\" configuration option. By sending a specially crafted request, an attacker can obtain JWT information and use this to launch further attacks against the affected system."], "name": "CVE-2023-1387", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Affected", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-grafana-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "grafana", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Affected", "package_name": "rhceph/rhceph-4-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Storage 3"}], "public_date": "2023-04-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-1387\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1387\nhttps://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/\nhttps://grafana.com/security/security-advisories/cve-2023-1387/"], "threat_severity": "Moderate"}